LEGAL

Privacy

Preface

It may sometimes seem a little cumbersome to read privacy statements. That is why I am glad that you are taking the time. 

Let me give you a brief explanation of how our business works:

We place internet advertisements in search engines to present our ads to interested parties. Using performance measurement, we determine which advertisement leads to customers buying something. For this purpose, we have implemented a privacy-friendly solution that only transfers data to Google Analytics if you visit us via a Google advertisement and then buy something (see § 3, paragraph 7).

We operate all analysis tools ourselves; we do not integrate any third-party tracking scripts, not even Google Analytics. All content is delivered by our server (no content delivery network, no Google fonts etc.).

– Christopher Eller, owner of ISMS Solutions –

§ 1 Information on the collection of personal data

1. General

In the following we inform you about the collection of personal data when using this website. 

Personal data are all data relating to an identified or identifiable natural person. In the context of our website, this includes, for example, name, e-mail address, postal address or IP address.

2. Responsible body

Christopher Eller IT-Beratung is responsible for the processing of data (in accordance with Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR)). The contact details can be found in the imprint.

3. Use of third party services

We commission service providers for individual services or functions of this website. We will inform you in detail about the respective processes below.

§ 3 Collection and processing of personal data

1. Ordering a product

If you place an item in the shopping basket and order it using the order function integrated into the page, the information you provide (name, company, address, order comment) is stored in order to process your order. Your IP address will be saved together with your order to protect us against fraud through incorrect orders.

We delete the data collected in this context when the storage is no longer necessary to answer your enquiry.

We delete your IP address from the order as soon as the payment has been made.

Please note that legal storage obligations may extend the period of time during which we store your data. In this case, we will restrict the processing of the data and delete it after expiry of the obligation to retain it.

The legal basis for this under the GDPR is:

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (processing of the order)
  • Art. 6 para. 1 lit. f) – Legitimate interest (our legitimate interest in protecting ourselves against fraud)

2. Payment

Due to the increasing incidence of fraud, it is no longer possible for us to offer the classic purchase on account to new customers.

Therefore we use the service providers “Paypal” and “Stripe” to process your payment. They carry out a risk analysis based on the data entered. The processing of your payment and payment data is the responsibility of these providers.

The legal basis for this under the GDPR is:

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (processing of the order)
  • Art. 6 para. 1 lit. f) – Legitimate interest (our legitimate interest in protecting ourselves against fraud)

3. Use of the product

You can access the information available to you by using the login data provided. If the tariff you ordered expires, your account will not be automatically deleted. You can use it to request renewal of the product or deletion of all your data.

When you use our product, we record your progress through the training courses in the Academy module so that we can give you the best possible help with support requests.

You also have the possibility to participate in the members’ forum under your name. Your specified name, which can be pseudonymized in the profile settings, will appear in the platform for other users when they use the Academy, for example. Other users have the possibility to contact you under this name via chat.

We delete the data arising in this connection as soon as you delete your user account.

Please note that statutory retention obligations may extend the period in which we retain your data. In this case, we will restrict the processing of the data and delete it after expiry of the obligation to retain it.

The legal basis for this under the GDPR is:

  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (provision of the forum, answering of support requests)
  • Art. 6 para. 1 lit. f) – Legitimate interest (our legitimate interest in protecting ourselves against fraud and moderating our forum)

4. E-Mails

If you subscribe to the newsletter or an e-mail course on our website, we will store your address in our system in order to send you the corresponding e-mails.
We delete these addresses as soon as you unsubscribe from the newsletter.

Furthermore, as part of our service, we send you e-mails about product updates or upcoming events (e.g. online seminars).
You can also opt out of these messages at any time during an ongoing subscription.

The legal basis for this under the GDPR is:

  • Art. 6 para. 1 lit. a) – Consent (by subscribing to the newsletter or e-mail offer via a form on the website)
  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (sending of update notifications or event notices within the framework of the product contract)

5. Contact by e-mail or form

If you contact us by e-mail or the contact forms provided, the information you provide (e-mail address, telephone number, your name, your user account (if available), your message text) will be stored in order to answer your request.

We delete the data collected in this context when the storage is no longer necessary to answer your enquiry.

Please note that legal storage obligations may extend the period of time during which we store your data. In this case, we will restrict the processing of the data and delete it after the storage obligation has expired.

The legal basis for this under the GDPR is:

  • Art. 6 para. 1 lit. a) – Consent (by establishing contact on your part)
  • Art. 6 para. 1 lit. b) – Fulfilment of a contract (if your request refers to an existing contract with us or if you wish to conclude a contract)
  • Art. 6 para. 1 lit. f) – Legitimate interest (our legitimate interest in answering your request)

6. Use of the website and our services

When you merely use the website and our services, i.e. when you do not interact directly with the contact form or otherwise transmit information, we only collect the personal data that your browser transmits to our server.

In order to display our website, to ensure the stability and security of the site and to statistically evaluate visits, we collect the following data:

  • IP address
  • Timestamp of your request
  • Your time zone
  • Content of the request (concrete website content)
  • HTTP status code
  • Quantities of data transferred
  • Browser incl. version and language
  • Operating system version

To analyse the flow of visitors, we use the tool “Matomo”, which only saves an anonymised IP address (the last block of the IP address is replaced by “0”), the browser used and the pages called up. We operate this ourselves and are not dependent on third parties. The use of cookies for Matomo is deactivated.

We use a web application firewall to protect ourselves from attacks. This firewall uses a blacklist available on our server to ward off harmful attacks. If an attack is carried out and blocked, the IP of the attacker is sent to the provider of this blacklist to improve it. The IP will be removed after 90 days by the provider if no further harmful behaviour originates from this IP.

This data is stored beyond your visit for as long as it is necessary to ensure security functions such as protection against attacks.

The legal basis for this under the GDPR is:

  • Art. 6 para. 1 lit. f) – legitimate interest. Our legitimate interest:
    • to provide you with the requested website content.
    • to protect our website from attacks and to guarantee its technical operation.

7. Online advertising and performance measurement

We use the Google search engine to place advertisements that link to this page. Usually Google Analytics is integrated as a tracking script on websites to monitor the user’s session and measure how they behave.

Although we do not use Google Analytics, we rely on measuring the success of the ads (“Which ad makes customers buy something?”). We have implemented a solution that protects you from Google Analytics and allows us to measure the success of ads.

  • If you visit us via an advertisement, your Google Ads ID is temporarily stored by us within a session. In the case of a purchase within the same session (and only then) your Ads-ID is transferred to Google to measure the success of the ad.
    In detail:
    • If you come to us via an advertisement (Google Ads) after a search query in Google, Google will assign you a visitor ID (Google Ads ID / gclid), which your browser sends to us. For the duration of your session, this is temporarily stored by us as SessionID (PHP).
    • If you make a purchase on our site, we transmit this ID (gclid) back to an otherwise empty Google Analytics property with the information that something was purchased – no further information is transmitted (neither the items nor your address). Analytics reports this information to Google Ads to allow the assignment to the specific ad.
    • This allows us to see which ad was successful without having to record your session in Google Analytics. Since our server transmits the ID to Google and not your browser, none of the usual metrics of Analytics are collected about you (no location data, no browser information, no IP).
      However, please note that Google collects a lot of data when you use the search engine.
    • We have deliberately decided against storing the ID in a cookie to ensure that the data transfer to Google is masked by our server and your ID is only stored for the duration of the session. This means that the ID is not linked to several sessions over several days (e.g. to a session that you did not even initiate via an advertisement).
      Remarketing or similar is not used.
    • Further information on the use of data by Google, setting and objection options can be found in the Google data protection declaration (https://policies.google.com/privacy) and in the settings for the display of advertising by Google (https://adssettings.google.com/authenticated).

If you access our site directly, and not via an advertisement, your purchase will not be recorded by Google in any way.

The legal basis for analysis and tracking under the GDPR is:

  • Art. 6 para. 1 lit. f) – Legitimate interest (our legitimate interest in measuring the success of our advertisements)

8. Order processing

In some cases we use service providers to process your data or to provide services such as the provision of this website, to process your order or to issue invoices. These are carefully selected by us and are bound by our instructions.

9. Cookies

Cookies are small text files that are stored by your web browser, e.g. with the contents of your shopping basket in the online shop. This information is sent back to us by your browser when you call up the website again.

This helps us to recognise you again, for example to display an uncompleted order again or so that our analysis tools can recognise when users return to us often.

A distinction is made between “first party cookies” (cookies that come directly from our website) and “third party cookies” (cookies that come from a third party such as our web analysis service providers) – which are not used by us.

You can delete individual cookies or generally deactivate the use of cookies in your browser. Cookies have defined runtimes; once a runtime expires, your browser deletes the cookie automatically.

All cookies used are listed below. If a “*” is used, this means that there may be several cookies in your browser which start with the same character string and serve the same function.

Essential

Essential cookies enable basic functions and are necessary for the proper functioning of the website. All essential cookies are first-party cookies (delivered by our server).

woocommerce_cart_hash

Purpose: Helps our shop system to recognise whether the contents of the shopping basket have been changed.
Cookie runtime: Until session ends

woocommerce_items_in_cart

Purpose: Helps the webshop to recognise whether products are in the shopping basket.
Cookie runtime: Until session ends

woocommerce_test_cookie

Purpose: The test cookie is used to determine whether your browser supports cookies when you log in to the site.
Cookie runtime: Until session ends

wp_woocommerce_session*

Purpose: A unique number helps the shop system to assign you to the correct shopping basket.
Cookie runtime: 2 days

wp-settings*

Purpose: Saves settings that you have stored on your user account, such as the preferred time zone or the colour scheme of the website.
Cookie runtime: 1 year

wordpress_logged_in_*

Purpose: Required to allow you to log in and use your account (if you have a user account).
Cookie runtime: 14 days

wordpress_sec_*

Purpose: Required to allow you to log in and use your account (if you have a user account).
Cookie runtime: 14 days